On 12/17/2016 02:04 PM, Stephen Frost wrote: > Note that RLS won't be applied for the table owner either (unless the > relation has 'FORCE RLS' enabled for it), so you don't have to have > functions which are run as superuser to use the approach Joe > recommended.
Good point, thanks, I should have mentioned that. You would be better off having a different user own both the table and the function in order to avoid using/abusing the superuser for that purpose. Just be aware that FORCE RLS would break that solution. -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
signature.asc
Description: OpenPGP digital signature
